Big-ip Access Policy Manager Client Security Vulnerabilities and Issues — Big-ip Access Policy Manager Client CVE List

Lucene search

F5Big-ip Access Policy Manager Client

6 matches found

CVE•added 2020/04/30 10:15 p.m.•72 views

CVE-2020-5892

In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.

6.7CVSS6.4AI score0.00092EPSS

CVE•added 2020/02/06 4:15 p.m.•56 views

CVE-2020-5855

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.

4.6CVSS4.6AI score0.0015EPSS

CVE•added 2020/05/12 4:15 p.m.•49 views

CVE-2020-5897

In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.

8.8CVSS8.6AI score0.0086EPSS

CVE•added 2020/05/12 4:15 p.m.•46 views

CVE-2020-5896

On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.

7.8CVSS7.6AI score0.00062EPSS

CVE•added 2020/05/12 4:15 p.m.•43 views

CVE-2020-5898

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \.\urvpndrv device causing the Windows kernel to crash.

5.5CVSS5.5AI score0.00067EPSS

CVE•added 2020/04/30 9:15 p.m.•40 views

CVE-2020-5893

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.

4.3CVSS4.4AI score0.00127EPSS